There has been a huge growth in information that is available today in all aspects of business. The use of the internet has made access to information relatively easy and more and more information is been required in all areas, not just financial. For example, take a look at the Bank of Kigali annual report.
This growth in information has led to a need for assurance as to the quality and reliability of that information so that users can make informed decisions based on the information that is available to them.
The International Standards on Auditing (ISA) glossary of terms gives a definition of an assurance engagement as “one in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.”
In practice, this could be an auditor expressing an opinion to the shareholders of a company on a set of financial statements prepared by management as to whether they have been prepared in a true and fair manner in accordance with accounting standards and relevant company law.
An audit is a type of assurance engagement.
LEVELS OF ASSURANCE
Various levels of assurance may be given but this depends very much on (1) the individual engagement, (2) the criteria applied and (3) the subject matter. The glossary of terms refers to two types but I will refer to three:
- Reasonable level of assurance – subject matter materially conforms to criteria; i.e. accounts give a true and fair view having regard to the accounting standards and law, such as carried out in an audit. This can also be known as a positive expression.
- Limited level of assurance – no reason to believe that subject matter does not conform to criteria. Essentially, a negative form of expression. Expect to see this in a review engagement. A review engagement is another type of assurance engagement.
- Absolute assurance – Can never be given. There are inherent limitations of an audit that affect the auditor’s ability to detect material misstatements in a set of financial statements.
THE AUDIT FUNCTION
What is an audit?
An audit is an exercise, of which the objective is to enable an independent auditor to express an opinion on whether a set of financial statements has been prepared in a true and fair manner and in accordance with an identified financial reporting framework.
An audit is an exercise the objective of which is:
- to enable an independent auditor to express an opinion,
- on whether a set of financial statements,
- are prepared, in a true and fair manner,
- in accordance with an identified financial reporting framework.
TYPES OF AUDITS
- Statutory audits as required by companies’ legislation.
- Non-statutory audits preferred by interested parties rather than being required by law. For example, charities, societies, public interest companies
- Small entity audits.
A statutory audit is an independent examination of a company’s financial statements in order to verify that the accounts have been prepared in accordance with company law and International Financial Reporting standards (IFRS) .
Not all companies however, are required to have an audit. Audit exemption guidelines exist within certain jurisdictions.
Small companies depending on the jurisdiction could possibly avail of the audit exemption because:
- The cost may outweigh the benefit.
- Small companies are generally owner managers, so no distinction between shareholders and managers.
- Many small companies lack a system of internal controls.
- Their use of basic books of record.
However, small companies can opt to have an audit carried out specifically where the potential users of financial statements may expect it. There are arguments for and against small company audits.
|Reassurance given by audited accounts for shareholders not involved in management.
|Where shareholders are part of management, the whole audit exercise may not appear to be value for money.|
|Audited accounts provide a good indication of a fair valuation for shares particularly unquoted shares.|
|An audit provides management with an independent check on the accuracy of their financial statements. Also, some auditors do provide decent management letters.||In reality, a more focused systems review or similar consultancy report would be of more benefit to management.
|Employees can gain comfort from audited accounts as to their job security and for wage negotiations.||In reality, I don’t think this actually happens.
|Bank managers often rely on audited accounts when reviewing security in the event of granting a loan.||More importantly though, a bank manager may want to see a good credit history in a company’s transactions with the bank.|
|Suppliers can gain assurance from audited accounts when giving credit to customers.
|On the contrary, the accounts might be out of date and the customer could be experiencing difficulties. Might be more appropriate to get relevant credit references.|
|Revenue can rely on audited accounts to back up tax returns.||In reality, revenue accepts sets of accounts prepared by independent accountants.|
THE LIMITATIONS OF AN AUDIT
- Not every item is checked. In fact, only test checks are carried out by auditors. It would be impractical to examine all items within a class of transactions or account balance. Hence, it is not really possible to give absolute assurance.
- Auditors depend on representations from management and staff. Collusion can mitigate some good controls such as division of duties. There is always the possibility of collusion or misrepresentation for fraudulent purposes.
- Evidence gathered is persuasive rather than conclusive. It often indicates what is probable rather than what is certain. Take for example vouching a bank statement. It only shows you that one account. Are there others?
- Auditing is not purely an objective exercise. Judgements have to be made in a number of areas. The view in financial statements is itself based on a combination of fact and judgement. For example, valuing stock in a grain silo or valuing jewellery.
- The timing of an audit. Significant credit notes after the year-end can alter a true and fair view. Problems arise whether you audit too early or too late.
- An unqualified audit opinion is not a guarantee of a company’s future viability, the effectiveness and efficiency of management, nor that fraud has not occurred in the company. Profit margins can differ from firm to firm yet both could have a clean audit report.
So are there any benefits of an audit? Yes, there are.
- The shareholders of a company are given an independent opinion as to the true and fair view of the accounts that have been prepared by management.
- The use made by third parties such as suppliers and banks of the accounts as confidence in the performance of a company.
- Auditors themselves can use the knowledge accumulated during the course of the audit to provide additional services to the company such as the provision of consultancy services or a management letter showing weaknesses in the business and recommendations to alleviate such weaknesses in the future.
- While not responsible for detecting fraud, the very fact that an audit is carried out and may uncover evidence of fraud, can help to mitigate against such risks.
- Managers in some firms may be removed from day to day transactions especially regarding remote locations and an audit can allay fears of fraud or simple bad bookkeeping
THE NEED FOR REGULATION
Where there is reduced confidence in the markets and this leads to business failure, this in turn leads to instability. As a result there is increased demand for regulation.
There has been regulation in the markets since the introduction of the concept of limited liability. The requirement for audited financial statements is a way to protect the owners of a business from unscrupulous management and also prevent the abuse of the limited liability status. Standards used are a form of self-regulation. Company law is regulation, where self- regulation doesn’t appear to be working.
Enron raised serious questions about self- regulation. In response the Sarbanes-Oxley Act of 2002 was passed in the USA. This set up improved corporate governance including enhanced internal controls and improved levels of auditor independence. This has led to attempts to strengthen regulation in a number of other countries too.
The conduct of audits is covered by:
- A code of ethics
- International Standards on Auditing Company Law.
In addition, Auditors are regulated by a number of different bodies, for example:
- The International Auditing and assurance standards board (IAASB)
- The Government
- Professional Accountancy bodies such as ICPAR
METHODOLOGY OF AN AUDIT
- Determine the scope and the audit approach.
Legislation and the auditing standards lay down the scope for statutory audits. An auditor should prepare a plan for his audit.
- Ascertain the system and controls.
Discuss the accounting system and the flow of documents with all the relevant personnel in the company. Document all your notes. Some auditors do flow charts, narrative notes and/or internal control questionnaires. Get to know the client’s business. Confirm that you have recorded the system accurately by carrying out walkthrough tests.
- Assess the system and internal controls.
Evaluate the system as it is, to weigh up its reliability and draw up a plan to test its effectiveness. At this stage you could draw up a letter to management recommending any improvements you consider from your findings. In addition, what you have learned here may influence the type of further audit testing you may carry out later on.
- Test the system and internal controls.
Above, you evaluated the controls that are in place. Now you need to test that they were effective, Compliance tests will cover many more transactions than the walkthrough tests. You need to carry out a representative sample through the accounting period.
If you can establish that the controls are indeed effective, you can reduce the amount of detailed testing later on. However, if the controls turn out to be ineffective, then more substantive tests will need to be carried out.
- Test the financial statements.
This section covers the substantive testing which has been described earlier. You are effectively trying to stand over the figures in the financial statements. Substantive tests are audit procedures performed to detect material misstatements. Remember, if you think that any error you might find in a class of transactions will not be significant, then there is little point carrying out the substantive test.
- Review the financial statements.
After all the testing has been done and the evidence gathered, you should review the accounts as to their overall reliability making a critical analysis of the content and presentation.
- Express an opinion.
You need to evaluate all the evidence you have gathered and express an opinion on a set of accounts by way of a written audit report.
You may, in addition, write a management letter which can set out improvements you recommend or to place on record specific points in connection with the audit.
ISA 200 International standards on auditing) 200: objective and general principles governing an audit of financial statements sets out what audits are all about.
- The auditor should comply with the code of ethics for professional accountants issued by the International Federation of Accountants (IFAC) and the ethical pronouncements issued by the auditor’s relevant professional body.
- The auditor should conduct an audit in accordance with International Standards of Auditing and should plan and perform an audit with an attitude of professional scepticism.
- ISA 200 also makes a very important point in that while the auditor is responsible for forming and expressing an opinion on the financial statements, the responsibility for preparing and presenting those financial statements lies with the management.
- Furthermore, the auditor does not have any responsibility with regard to the prevention and detection of fraud. Again, that lies with the management.